1. Field of the Disclosure
The present disclosure relates to internet service provider (ISP) authentication of eCommerce transactions. More particularly, the present disclosure relates to a method and system of associating for authentication purposes an ISP recognition identification (ID) with a cashless payment account used in an eCommerce transaction. The present disclosure provides advantages in fraud prevention, as well as in data collection for customers, merchants, and cashless payment account issuing institutions alike.
2. Description of the Related Art
Credit card companies (presently better referred to as “cashless payment account” institutions, thanks to a variety of new technologies for making payments including not only credit cards, debit cards, electronic wallets, transponder devices, near-field communication-enabled (“NFC”) smartphones, or similar presently existing or after-arising technology) are confronted with the daily task of determining which of the millions of transactions being processed between consumers and merchants are real and which are fraudulent. It is estimated that the sum of all worldwide credit card fraud is $5.55 billion annually.
Numerous techniques are utilized by cashless payment account issuing institutions to detect fraudulent transactions. Cashless payment account institutions watch, for example, a small purchase followed immediately by a larger one, a purchase out of character with the usual buying habits of the individual, and substantial online purchases, as well as a variety of other techniques. Many of the existing techniques have flaws inherent in them, and cashless payment account issuing institutions constantly search for new and improved ways to avoid fraud. The existing techniques for registration-based fraud detection suffer from cashless payment account holders that are wary, negligent in registering, or intentionally avoid registration in fraud prevention programs, avoiding the benefits they provide.
Existing anti-fraud tools utilize IP address, browser and cookie settings and cardholder login to authenticate a customer. IP address driven approaches are suboptimal because IP addresses are reassigned dynamically over time, although they do help in determining the general geographic location of the internet user.
For example, PayPal prompts users with additional security measures if they access their account from a foreign IP address or VPN, indicating that IP address is a component of their authentication measures.
The use of browser settings are also suboptimal because these can only be captured by the merchant site being accessed, so this information is difficult (or is not) shared by merchants to collectively improve fraud detection. For example, if a purchase is made from an American credit card on an American IP address but the computer has Vietnamese characters installed and is set to a Vietnamese time zone, it will likely be rejected.
One scalable alternative to these methods is to have the cardholder opt in to the use of cell phone geolocation when authorizing a transaction. This method is less useful for eCommerce transactions than for face-to-face transactions, however, it is still useful given that payment cardholders will often make such purchases from their home (a recurring geolocation) or their workplace (another recurring geolocation).
There is a continuing need in addressing payment card theft and fraud, for authenticating the identity of a card user based on the point of sale as well as other usage, without the need for a user to enroll in a credit fraud reporting service. There is also a need, not addressed in any prior art, for relating databases of users' on-line activity(s) to match-up a user's activity recorded for one service with a different activity recorded for another service. Such information could be useful, for example, in eCommerce payment fraud prevention.